Joris Evers of ZDNet.com writes:
Microsoft plans to scour its code to look for flaws similar to a recent serious Windows bug and to update its development practices to prevent similar problems in future products.
The critical flaw, in the way Windows Meta File images are handled, is different than any security vulnerability the software maker has dealt with in the past, Kevin Kean and Debby Fry Wilson, directors in Microsoft’s Security Response Center, said in an interview with CNET News.com. Typical flaws are unforeseen gaps in programs that hackers can take advantage of and run code. By contrast, the WMF problem lies in a software feature being used in an unintended way.
Continue reading “Microsoft To Hunt For New Species Of Windows Bug”
It’s available on Windows Update now – I just updated five computers. Joris Evers of ZD net.com writes:
Microsoft released a fix for a serious security vulnerability in Windows on Thursday, several days before the patch’s scheduled delivery.
The company is breaking with its monthly patch cycle because it completed testing of the security update earlier than it anticipated, it said in a note on its Web site. “In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible,” the company said.
Continue reading “Microsoft Pushes WMF Patch Early”
Steve Gibson of GRC.com writes:
Ilfak Guilfanov, well known in “reverse engineering” circles for his wildly popular IDA Disassembler, needed a temporary patch for his own system due to the seriousness of the WMF vulnerability, so he wrote one!
Continue reading “Temporary WMF Exploit Patch Available!”
This is another report on the Windows vulnerability I posted a bit earlier. Suzi Turner of ZDNet.com writes:
…Sunbelt researchers have collected more than 50 variants of the WindowsMetafiles (WMF) and documented a number of domains running this exploit. Email, blog talkbacks, guestbook links, all could be used to spread this infection. In fact, I know someone who got infected by clicking on a user’s homepage link at a forum.
Continue reading “New Zero Day Exploit Seen In The Wild”